
vul_other: EXPLOIT Plone and Zope Remote CMD Injection Exploit (Rule ID: 1070310029)

Release Date: 2025/9/15

Rule Name: CVE-2011-3587: EXPLOIT Plone and Zope Remote CMD Injection Exploit Vulnerability

Severity: critical

CVE ID: CVE-2011-3587

 

Description

A vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands. This rule helps defend against A6: Vulnerable and Outdated Components and A3: Injection of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor patches.